Who are the hackers of the Darkside group, suspected of hacking an oil pipeline operator?



Ransomware is software used by hackers to cripple a computer and demand a ransom from the victim (illustration). – Sipa

No, we are not in Star Wars or Justice League. According to the FBI, a mysterious group of hackers dubbed Darkside is responsible for a ransomware cyberattack that paralyzed one of the largest American oil pipeline operators. On Monday, Joe Biden said that some members appeared to be based in Russia, although there is, at this stage, no evidence of Moscow's involvement.

Pipelines shut down by the operator

Colonial Pipeline is the leading fuel distributor in the United States. It transports gasoline and diesel from refineries in Texas to the New York area and has more than 8,800 kilometers of pipelines. On Friday, its computer systems were targeted by a ransomware cyberattack. Ransomware exploits security holes to encrypt computer systems, after which the attackers demand a ransom to unblock them.

To protect its infrastructure, the company halted all operations on Friday, posing a risk to the oil supply in the northeast of the country. The situation remains “fluctuating,” wrote the company, which is reopening its network “in phases” with the aim of restoring most of its activities by the end of the week and avoiding a shortage.

A group of hackers who claim to be “apolitical”

The Darkside group emerged last year and specializes in ransomware attacks against medium and large companies, demanding hundreds of thousands, if not millions, of dollars to unlock their systems. It steals confidential data from its victims, especially those based in Western countries, and threatens to make the data public if the ransom is not paid.

The members of Darkside claim to have no political motivation, nor any link with a government. “We are apolitical” and “we do not need to be linked to a defined government”, “our goal is to make money, not to create problems for society”, according to a statement posted on the darknet. Darkside also sells its software, which experts call “RaaS”, or “ransomware as a service”.

Possible links with Russia

“At this stage, our intelligence services have no proof of Russian involvement,” said President Joe Biden, who is regularly kept informed of developments in the situation.

But “there is some evidence that the actors and the ransomware are in Russia,” he added. “They have a certain responsibility.”

Many experts suspect Darkside of being in cahoots with Russia. “We believe that it operates (and perhaps is protected) by Russia,” tweeted Dmitri Alperovitch, a computer security expert and founder of the company CrowdStrike, this weekend. The group's software does not work on computers that have Russian or other Eastern European languages set as the system default, cybersecurity specialist Brett Callow of Emsisoft told NBC.

Although these attacks primarily target the private sector, they pose a problem for national security, added Elizabeth Sherwood-Randall, the president’s deputy security adviser. “These events highlight that our vital infrastructure is essentially operated by private sector providers,” she said. “When these companies are attacked, they are our first line of defense. We depend on their effectiveness.”
